-
I don't know if it's within the scope of the httplint project, but the CSP header isn't presently recognised as a valid header.
https://w3c.github.io/webappsec/specs/content-security-policy/#content-…
-
Support objects equivalent to the Document-Policy and Require-Document-Policy headers, as per
https://github.com/w3c/webappsec-feature-policy/blob/master/document-policy-explainer.md
which splits ou…
-
Currently only https://w3c.github.io/webappsec-csp/#should-block-inline sets it, but it seems for a large set of Fetch cases it could also be set, provided we refactor Fetch and HTML...
Per @mikewe…
-
This issue is a reminder to keep an eye on https://github.com/w3c/webappsec-feature-policy/issues/273, when a decision is reached there to (probably) synchronize https://drafts.csswg.org/css-nav-1/#po…
-
From the specification of `SecurityPolicyViolationEvent`, it is not clear what the `columnNumber` counts.
https://w3c.github.io/webappsec-csp/#securitypolicyviolationevent
Open questions (for me) …
-
Reference: https://github.com/w3c/webappsec-referrer-policy/pull/35
@annevk @estark37
Because referrerPolicy is not treated as relevant mutations (like crossOrigin), setting the attribute will not tr…
-
### Is your feature request related to a problem? Please describe
In [A Well-Known URL for Changing Passwords](https://w3c.github.io/webappsec-change-password-url/) the w3c defines a standard URL f…
-
Bikeshed currently does not have support for named constructors. COWL is currently using static methods to bypass this, but it would be great if we didn't have to. While digging around, I believe ther…
deian updated
7 years ago
-
It seems that https://github.com/WebAssembly/content-security-policy/blob/main/proposals/CSP.md hasn't been integrated here yet, but https://w3c.github.io/webappsec-csp/#can-compile-wasm-bytes does ex…
-
Note the difference:
https://www.w3.org/TR/CSP2/#directive-frame-ancestors says
ancestor-source = scheme-source / host-source
https://w3c.github.io/webappsec-csp/#grammardef-ancesto…